Upon Check-in, the session should automatically get closed
- Once the user’s work is done and user clicks on ‘Check-in’ button, the privilege session window does not close automatically.
- As a consequence, the user can continue to work in the window until the maximum checkout period.
- Ideally, the privilege session window should be forcefully closed upon clicking ‘Check-in’ button if user has not closed it himself.
- This creates a risk of user doing a fraudulent activity after clicking on ‘Check-in’ button, even though the session recording is ON.
- In case 2nd session is started while the 1st session’s window is still open (although the user has checked-in the 1st session), BT allows 2 concurrent sessions running in parallel (depending on the endpoint server configuration). This contradicts with Access policy of single session per account at any given time.